Frequently Asked Questions
Zero Trust and Microsegmentation Basics
Zero Trust
Zero Trust is a cybersecurity strategy that treats every network request as untrusted by default, whether it originates inside or outside the corporate perimeter. It removes implicit trust, enforces continuous verification of users, devices, and applications, and assumes breach as a guiding principle. Core tenets include least-privilege access, continuous authentication, and granular policy enforcement to reduce attack surfaces and lateral movement.
Microsegmentation is a network security technique that divides the IT environment into highly isolated zones or “microsegments,” each governed by its own access controls and policies. Traditionally implemented via VLANs or IP-based rules, modern microsegmentation extends to host-level policy enforcement points—such as agents on servers, containers, or workloads—to dynamically enforce least-privilege communication paths across data centres, clouds, and hybrid environments.
By isolating workloads into fine-grained segments, microsegmentation directly enforces Zero Trust’s never-trust, always-verify ethos. It prevents unauthorized lateral movement by allowing only explicitly permitted traffic flows, integrates with identity-aware controls to ensure minimal access, and accelerates Zero Trust maturity by providing the policy enforcement and visibility needed to continuously validate each session.
Organisations often struggle with the complexity of mapping east-west traffic dependencies, creating and managing thousands of granular policies, and avoiding misconfigurations that can disrupt applications. Legacy segmentation methods relying on static rules or broad VLANs lack the agility required for dynamic workloads, while host-based enforcement demands integration with existing orchestration and monitoring tools to maintain visibility and compliance.
When paired, Zero Trust and microsegmentation reinforce each other to deliver stronger security outcomes. They enforce least-privilege access down to the process level, minimise the blast radius of any compromise, and enable adaptive controls that respond to real-time threat intelligence. This synergy not only hardens defences against sophisticated attacks but also provides the continuous monitoring and auditability critical for regulatory compliance and risk reduction.
Microsegmentation
Microsegmentation is a cybersecurity technique that divides the network into small, isolated microsegments, each governed by its own security policies. It enforces granular access controls at the workload or process level, limits lateral movement and contains breaches within a minimal blast radius. Microsegmentation can be applied across data centres, hybrid clouds and multi-cloud environments to protect individual virtual machines, containers or applications with tailored policies.
Traditional network segmentation uses broad perimeter controls—such as VLANs or IP-based firewalls—to manage north–south traffic between internal networks and external sources. Microsegmentation extends protection to east–west traffic by creating fine-grained zones based on identity or workload attributes rather than just IP addresses. This approach delivers dynamic, context-aware policy enforcement that scales with modern cloud-native and containerised architectures.
Microsegmentation reduces the attack surface by permitting only explicitly authorised communication paths, which strengthens breach containment and minimises lateral movement. It enhances regulatory compliance through detailed audit trails and data sovereignty controls for sensitive workloads. Additionally, it improves visibility via application discovery and dependency mapping, giving security teams process-level insight across the entire IT estate.
Accurately mapping east–west traffic dependencies to define granular policies without disrupting application communications is a major hurdle. Legacy segmentation tools often lack the process-level visibility required for dynamic, containerised environments, making it hard to discover and secure constantly changing workloads. Teams may also struggle with managing thousands of fine-grained policies and avoiding misconfigurations that could cause downtime or security gaps. Automating policy creation and integrating with orchestration tools are critical to overcoming these challenges.
Microsegmentation embodies Zero Trust’s ‘never trust, always verify’ ethos by enforcing least-privilege access at every communication point. It isolates workloads into microsegments, preventing unauthorised lateral movement and ensuring only authenticated, authorised processes can communicate. When combined with continuous monitoring and identity-aware controls, microsegmentation provides the policy enforcement and visibility essential to operationalising Zero Trust in hybrid and multi-cloud environments.
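To make the label-based, default-deny enforcement described in the answers above concrete, here is an added Python example (written for this page, not code from the original or from any vendor): a small policy evaluator in which workloads are selected by identity labels rather than by IP address, every east-west flow is denied unless an explicit rule permits it, and each decision is recorded for audit. The workload names, labels, addresses, ports and rules are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    name: str
    ip: str       # kept for the audit trail; never consulted by the policy
    labels: dict  # identity attributes (app, tier) drive segmentation
@dataclass
class Rule:
    src_sel: dict     # labels the source must carry
    dst_sel: dict     # labels the destination must carry
    ports: frozenset  # destination ports the rule opens

def matches(selector, labels):
    """Every key/value the selector names must be present in the labels."""
    return all(labels.get(k) == v for k, v in selector.items())

class Segmenter:
    """Default-deny enforcement point: a flow passes only via an explicit rule."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.audit = []  # (src, dst, port, verdict, rule index) per decision
    def allow(self, src, dst, port):
        for i, r in enumerate(self.rules):
            if (matches(r.src_sel, src.labels) and matches(r.dst_sel, dst.labels)
                    and port in r.ports):
                self.audit.append((src.name, dst.name, port, "ALLOW", i))
                return True
        self.audit.append((src.name, dst.name, port, "DENY", None))
        return False

# Constructed three-tier app on one flat subnet: only labels separate the hosts.
WEB = Workload("web-1", "10.0.1.10", {"app": "shop", "tier": "web"})
API = Workload("api-1", "10.0.1.20", {"app": "shop", "tier": "api"})
DB = Workload("db-1", "10.0.1.30", {"app": "shop", "tier": "db"})
RULES = [
    Rule({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, frozenset({8080})),
    Rule({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, frozenset({5432})),
]

def demo():
    """Evaluate a few east-west flows; return the verdicts and the deny count."""
    seg = Segmenter(RULES)
    api_moved = Workload("api-1", "10.0.2.77", API.labels)  # rescheduled to a new IP
    return {
        "web->api:8080": seg.allow(WEB, API, 8080),              # explicitly permitted
        "web->db:5432": seg.allow(WEB, DB, 5432),                # lateral hop, denied
        "api->db:5432": seg.allow(API, DB, 5432),                # explicitly permitted
        "db->api:8080": seg.allow(DB, API, 8080),                # reverse direction, denied
        "web->moved-api:8080": seg.allow(WEB, api_moved, 8080),  # policy follows labels
        "denials": sum(1 for e in seg.audit if e[3] == "DENY"),
    }
```

Because the rules key on labels, the rescheduled API workload keeps its permitted path after its IP changes, while the web tier still cannot reach the database directly even though all three hosts share a subnet.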
